Course Content
1. The Incident Response Lifecycle: NIST SP 800-61 and the SOC Analyst Workflow (5 lessons)
- 1. Map a Real Alert to the Six NIST SP 800-61 Phases (28 min)
- 2. Triage and Score Alerts Using Severity, Impact, and CVSS (28 min)
- 3. Write an Incident Ticket With IOCs, Timeline, and Escalation (28 min)
- 4. Distinguish Events, Alerts, and Incidents to Filter SOC Noise (28 min)
- 5. Integrate the Lifecycle: Build a Triage Decision Runbook (30 min)

2. Wireshark: Capturing and Analyzing Network Traffic During an Incident (5 lessons)
- 1. Capture Live Traffic and Apply Capture Filters in Wireshark (28 min)
- 2. Isolate Suspicious Flows With Display Filters and TCP Handshake (28 min)
- 3. Follow TCP Streams to Reconstruct Attacker Commands and Exfiltrated Data (28 min)
- 4. Identify DNS Tunneling and TLS Anomalies as IOCs (30 min)
- 5. Build a Forensic Evidence Package From a Full Incident Capture (32 min)

3. Nmap: Scoping the Attack Surface and Detecting Unauthorized Hosts (4 lessons)

4. Containment, Evidence Handling, and Forensics Basics (4 lessons)

5.